yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-09 16:15:29 +00:00
Code Issues Packages Projects Releases Wiki Activity
4624 commits 88 branches 205 tags 69 MiB
Commit graph

4624 commits

This branch
This branch
All branches
Author SHA1 Message Date
Manuel Pégourié-Gonnard 4aa6f12d0c Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted 
* mbedtls-2.1:
  Allow comments in test data files
 2017-12-19 12:20:18 +01:00
Manuel Pégourié-Gonnard 86bc448e75 Merge remote-tracking branch 'public/pr/1118' into mbedtls-2.1 
* public/pr/1118:
  Allow comments in test data files
 2017-12-19 12:19:52 +01:00
Manuel Pégourié-Gonnard 914fd5d2c9 Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted 
* mbedtls-2.1:
  ssl-opt.sh: support fixed seed for random tests
 2017-12-19 12:19:12 +01:00
Manuel Pégourié-Gonnard 157393a2f4 Merge remote-tracking branch 'public/pr/1192' into mbedtls-2.1 
* public/pr/1192:
  ssl-opt.sh: support fixed seed for random tests
 2017-12-19 12:18:54 +01:00
Manuel Pégourié-Gonnard 329d0904ab Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted 
* mbedtls-2.1:
  Address PR review comments
  Backport 2.1:Fix crash when calling `mbedtls_ssl_cache_free` twice
 2017-12-19 11:43:10 +01:00
Manuel Pégourié-Gonnard 227692a6b1 Merge remote-tracking branch 'public/pr/1160' into mbedtls-2.1 
* public/pr/1160:
  Address PR review comments
  Backport 2.1:Fix crash when calling `mbedtls_ssl_cache_free` twice
 2017-12-19 11:42:29 +01:00
Manuel Pégourié-Gonnard 451ea75286 Merge remote-tracking branch 'restricted/pr/412' into mbedtls-2.1-restricted 
* restricted/pr/412:
  Correct record header size in case of TLS
  Don't allocate space for DTLS header if DTLS is disabled
  Improve debugging output
  Adapt ChangeLog
  Add run-time check for handshake message size in ssl_write_record
  Add run-time check for record content size in ssl_encrypt_buf
  Add compile-time checks for size of record content and payload
 2017-12-19 11:33:07 +01:00
Manuel Pégourié-Gonnard c0b9456f60 Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted 
* mbedtls-2.1:
  Fix build error with gcc -Werror=misleading-indentation
 2017-12-18 11:46:43 +01:00
Manuel Pégourié-Gonnard d1ededf4a3 Merge remote-tracking branch 'public/pr/1187' into mbedtls-2.1 
* public/pr/1187:
  Fix build error with gcc -Werror=misleading-indentation
 2017-12-18 11:46:10 +01:00
Manuel Pégourié-Gonnard 3fe67dae0b Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted 
* mbedtls-2.1:
  Fix build without MBEDTLS_FS_IO
 2017-12-18 11:44:26 +01:00
Manuel Pégourié-Gonnard 912e4471bb Merge remote-tracking branch 'public/pr/1185' into mbedtls-2.1 
* public/pr/1185:
  Fix build without MBEDTLS_FS_IO
 2017-12-18 11:44:07 +01:00
Hanno Becker e40802aebc Correct record header size in case of TLS 
The previous commit reduced the internal header size to 5 bytes in case of
TLS. This is not a valid since in that situation Mbed TLS internally uses the
first 8 bytes of the message buffer for the implicit record sequence number.
 2017-12-07 08:27:56 +00:00
Gilles Peskine 92e6a0e71a Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted 2017-12-04 18:01:28 +00:00
Gilles Peskine a15486a35f Merge branch 'pr_1044' into mbedtls-2.1 2017-12-04 17:29:28 +01:00
Gilles Peskine 45c8f6a38a Added ChangeLog entry 2017-12-04 17:28:09 +01:00
Gilles Peskine 4b36dfb820 Merge remote-tracking branch 'upstream-public/pr/1174' into mbedtls-2.1 2017-12-04 17:20:45 +01:00
Gilles Peskine aed7188b2e Merge remote-tracking branch 'upstream-restricted/pr/427' into mbedtls-2.1-restricted 2017-12-01 18:05:40 +01:00
Gilles Peskine bb4aaf1bbc ssl-opt.sh: support fixed seed for random tests 
Support --seed and $SEED to set the seed for random tests.

Partial backport of commit 7770ea82d5
(the part applying to all.sh is already present).
 2017-12-01 17:23:34 +01:00
Gilles Peskine 14ab4cff9f Fix build error with gcc -Werror=misleading-indentation 
Fix misleading indentation. This was just bad indentation, the
behavior was correct. It was detected by gcc 6.
 2017-12-01 11:45:21 +01:00
Gilles Peskine 6ddfa37084 Fix build without MBEDTLS_FS_IO 
Fix missing definition of mbedtls_zeroize when MBEDTLS_FS_IO is
disabled in the configuration.

Introduced by d08ae68237
    Merge remote-tracking branch 'upstream-public/pr/1112' into mbedtls-2.1
 2017-11-30 12:20:19 +01:00
Gilles Peskine 6cf85ff1a4 Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted 2017-11-29 21:07:28 +01:00
Gilles Peskine 49349bacb9 Merge remote-tracking branch 'upstream-public/pr/1153' into mbedtls-2.1 2017-11-29 20:53:58 +01:00
Gilles Peskine f663c22ab7 Merge remote-tracking branch 'upstream-public/pr/916' into mbedtls-2.1 2017-11-29 20:53:44 +01:00
Gilles Peskine 1854a0e0cd Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted 2017-11-28 18:44:49 +01:00
Gilles Peskine 25aa833ac3 Merge branch 'pr_1082' into mbedtls-2.1 2017-11-28 18:33:50 +01:00
Gilles Peskine 026d18aefa Add ChangeLog entry 2017-11-28 18:33:31 +01:00
Gilles Peskine 283a80d51f Merge remote-tracking branch 'upstream-public/pr/1108' into mbedtls-2.1 2017-11-28 18:31:28 +01:00
Gilles Peskine 31dce36364 Merge remote-tracking branch 'upstream-public/pr/1080' into mbedtls-2.1 2017-11-28 18:30:18 +01:00
Gilles Peskine a6f6947490 Merge remote-tracking branch 'upstream-public/pr/943' into mbedtls-2.1 2017-11-28 18:28:39 +01:00
Gilles Peskine dc89416ad9 Merge remote-tracking branch 'upstream-public/pr/996' into mbedtls-2.1 2017-11-28 17:10:10 +01:00
Gilles Peskine 1b8822e9b3 Merge remote-tracking branch 'upstream-restricted/pr/422' into mbedtls-2.1-restricted 
Resolved simple conflicts caused by the independent addition of
calls to mbedtls_zeroize with sometimes whitespace or comment
differences.
 2017-11-28 16:21:07 +01:00
Gilles Peskine 9aab6995a9 Merge remote-tracking branch 'upstream-restricted/pr/406' into mbedtls-2.1-restricted 2017-11-28 16:19:19 +01:00
Gilles Peskine 5a8fe053d8 Merge remote-tracking branch 'upstream-restricted/pr/401' into mbedtls-2.1-restricted 2017-11-28 14:24:15 +01:00
Gilles Peskine 336b7de48a Merge remote-tracking branch 'upstream-restricted/pr/386' into mbedtls-2.1-restricted 2017-11-28 14:24:05 +01:00
Gilles Peskine 206110dcb9 Merge branch 'iotssl-1419-safermemcmp-volatile_backport-2.1' into mbedtls-2.1-restricted 2017-11-28 13:51:37 +01:00
Gilles Peskine 2f615af5cf add changelog entry 2017-11-28 13:34:24 +01:00
Gilles Peskine e881a22126 Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted 2017-11-24 16:06:16 +01:00
Gilles Peskine d08ae68237 Merge remote-tracking branch 'upstream-public/pr/1112' into mbedtls-2.1 2017-11-24 15:37:29 +01:00
Gilles Peskine 5eb8edc0cb Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted 2017-11-23 20:11:07 +01:00
Gilles Peskine 7aa24190b4 Merge remote-tracking branch 'upstream-public/pr/1107' into mbedtls-2.1 2017-11-23 20:09:48 +01:00
Gilles Peskine a90c3da42f Merge branch 'iotssl-1368-unsafe-bounds-check-psk-identity-merge-2.1' into mbedtls-2.1-restricted 2017-11-23 19:06:29 +01:00
Gilles Peskine 86eece9e87 ChangeLog entry for ssl_parse_client_psk_identity fix 2017-11-23 19:04:39 +01:00
Manuel Pégourié-Gonnard aed00f7bf7 Merge remote-tracking branch 'restricted/pr/417' into mbedtls-2.1-restricted 
* restricted/pr/417:
  RSA PSS: remove redundant check; changelog
  RSA PSS: fix first byte check for keys of size 8N+1
  RSA PSS: fix minimum length check for keys of size 8N+1
  RSA: Fix another buffer overflow in PSS signature verification
  RSA: Fix buffer overflow in PSS signature verification
 2017-11-23 12:13:49 +01:00
Darryl Green 67bfc5b46c Add tests for invalid private parameter in mbedtls_ecdsa_sign 2017-11-20 17:11:42 +00:00
Darryl Green 1b052e80aa Add checks for private parameter in mbedtls_ecdsa_sign() 2017-11-20 17:11:17 +00:00
Hanno Becker b09c5721f5 Adapt ChangeLog 2017-11-20 10:43:48 +00:00
Hanno Becker ce516ff449 Fix heap corruption in ssl_decrypt_buf 
Previously, MAC validation for an incoming record proceeded as follows:

1) Make a copy of the MAC contained in the record;
2) Compute the expected MAC in place, overwriting the presented one;
3) Compare both.

This resulted in a record buffer overflow if truncated MAC was used, as in this
case the record buffer only reserved 10 bytes for the MAC, but the MAC
computation routine in 2) always wrote a full digest.

For specially crafted records, this could be used to perform a controlled write of
up to 6 bytes past the boundary of the heap buffer holding the record, thereby
corrupting the heap structures and potentially leading to a crash or remote code
execution.

This commit fixes this by making the following change:
1) Compute the expected MAC in a temporary buffer that has the size of the
   underlying message digest.
2) Compare to this to the MAC contained in the record, potentially
   restricting to the first 10 bytes if truncated HMAC is used.

A similar fix is applied to the encryption routine `ssl_encrypt_buf`.
 2017-11-20 10:16:17 +00:00
Manuel Pégourié-Gonnard ea0aa655f6 Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted 
* mbedtls-2.1:
  Fix typo in asn1.h
  Improve leap year test names in x509parse.data
  Correctly handle leap year in x509_date_is_valid()
  Renegotiation: Add tests for SigAlg ext parsing
  Parse Signature Algorithm ext when renegotiating
  Fix changelog for ssl_server2.c usage fix
  Fix ssl_server2 sample application prompt
  Update ChangeLog for fix to #836
  Enhance documentation of ssl_write_hostname_ext, adapt ChangeLog.
  Enhance documentation of mbedtls_ssl_set_hostname
  Add test case calling ssl_set_hostname twice
  Make mbedtls_ssl_set_hostname safe to be called multiple times
  Fix typo in configs/README.txt file
 2017-11-14 08:38:52 +01:00
Ron Eldor be17ed59d6 Address PR review comments 
set `cache->chain` to NULL,
instead of setting the whole structure to zero.
 2017-10-30 18:11:38 +02:00
Ron Eldor 5bd272627b Backport 2.1:Fix crash when calling mbedtls_ssl_cache_free twice 
Set `cache` to zero at the end of `mbedtls_ssl_cache_free` #1104
 2017-10-30 18:09:40 +02:00